Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX/IDP] How to copy or change recommended policy

0

0

Article ID: KB28005 KB Last Updated: 26 Sep 2013Version: 1.0
Summary:

This article describes how to make a copy of recommended or any other policy, and how to change the actions in the recommended policy to no-action. A procedure for copying the policy and then modifying the action/rules as desired is provided.

Symptoms:

Customer wants to only monitor the traffic and does not want any traffic to be dropped. Recommended policy must be changed.

Cause:

Solution:

Instead of modifying the recommended policy, it is possible to make a copy of it and then modify the action/rules as desired.

Available option for setting up active-policy:


root@SRX# set security idp active-policy ?
Possible completions:
<active-policy> Set active policy
DMZ_Services
DNS_Service
File_Server
Getting_Started
IDP_Default
Recommended
Web_Server
[edit]

root@SRX# copy security idp idp-policy Recommended to idp-policy Recommended-copy

Recommended-copy is a copy of Recommended policy


root@SRX# set security idp active-policy ?
Possible completions:
<active-policy> Set active policy
DMZ_Services
DNS_Service
File_Server
Getting_Started
IDP_Default
Recommended
Recommended-copy
Web_Server
[edit]



root@SRX# set security idp idp-policy Recommended-copy rulebase-ips rule 1 then action no-action

The same procedure can be used to modify the actions and/or add some more rules to the Recommended-copy policy.

When all desired changes have been made, set this Recommended-copy as active-policy and commit the configuration.


Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search